Figma

by kai-tw · GitHub ↗ · v1.0.3
cross-platform ✓ Security Clean
Downloads: 1495
Stars: 0
Active Installs: 4
Versions: 5
Install in OpenClaw
/install kai-tw-figma
Description
Interact with Figma files to read structure, export layers as images, and retrieve comments using the Figma REST API with authentication.
README (SKILL.md)

Figma Skill

This skill allows the agent to interact with Figma files via the REST API.

Setup

Requires a Figma Personal Access Token (PAT). Environment Variable: FIGMA_TOKEN

Procedures

1. Read File Structure

To understand the contents of a Figma file (pages, frames, layers):
  python scripts/figma_tool.py get-file <file_key>

2. Export Images

To export specific layers/components as images:
  python scripts/figma_tool.py export <file_key> --ids <id1>,<id2> --format <png|jpg|svg|pdf> --scale <1|2|3|4>

3. Check Comments

To list recent comments on a file:
  python scripts/figma_tool.py get-comments <file_key>

Usage Guidance
This skill appears to do what it claims, but take normal precautions: only install from trusted sources; supply a Figma PAT with the minimum required scope and rotate it if you stop using the skill; run exports in a safe/isolated working directory (the tool writes files to CWD); be aware the script will download image URLs returned by the Figma API (so inspect logs or filenames if you worry about unexpected hosts); and review the included script before use if you want to verify there are no changes beyond read-only API calls.
Capability Analysis
Type: OpenClaw Skill
Name: kai-tw-figma
Version: 1.0.3
The OpenClaw AgentSkill for Figma is classified as benign. The skill's code (`scripts/figma_tool.py`) and documentation (`SKILL.md`, `README.md`) clearly outline its purpose: interacting with the Figma REST API to read file structures, retrieve comments, and export assets. It uses `argparse` for robust command-line argument parsing, mitigating direct shell injection vulnerabilities from user input. The `FIGMA_TOKEN` is handled securely via environment variables, and all network communication is directed to the official Figma API. The `README.md` explicitly addresses security concerns and clarifies that the skill only performs read-only operations on Figma files and does not interact with unrelated system files or arbitrary endpoints. There is no evidence of intentional data exfiltration, persistence mechanisms, or malicious prompt injection attempts against the agent.
Capability Assessment
Purpose & Capability
Name/description match the actual functionality. The only required environment variable is FIGMA_TOKEN, which is exactly what a Figma API client needs. The scripts expose read-only endpoints (file, comments, team/project listing) and image export — all aligned with the stated purpose.
Instruction Scope
SKILL.md instructs the agent to run the included CLI script and only references the FIGMA_TOKEN. The script makes HTTP requests to api.figma.com and downloads image URLs returned by the Figma images endpoint. The skill writes exported image files to the current working directory (documented in README). There are no instructions to read unrelated local files or send data to unexpected external endpoints.
Install Mechanism
No install specification is provided (instruction-only skill with included Python script). Nothing is downloaded or installed automatically; no external archives or third-party packages are pulled by an installer.
Credentials
Only FIGMA_TOKEN is required. That single credential is proportional to a Figma API client. The README appropriately flags FIGMA_TOKEN as sensitive. The code only reads that env var and does not request other credentials.
Persistence & Privilege
always is false and the skill does not request persistence or modify other skills or system settings. It can be invoked autonomously per platform defaults, which is expected for a tool-like skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install kai-tw-figma
  3. After installation, invoke the skill by name or use /kai-tw-figma
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.3
Fix: Declare FIGMA_TOKEN as required environment variable using proper metadata.openclaw.requires.env structure - resolves registry metadata inconsistency
v1.0.2
Fix: resolve remaining security scan issues - proper required_env declaration in SKILL.md, expanded security documentation in README, clarify read-only API scope and file writing behavior
v1.0.1
Fix: Declare FIGMA_TOKEN as required credential in metadata to resolve clawhub security scan inconsistency
v1.0.0
Security fixes: remove SSL unverified context (MITM vulnerability), implement get-project-files method, remove unused variables and imports
v0.0.1
Initial release providing Figma API integration.
  - Read Figma file structures (pages, frames, layers)
  - Export layers or components as images in multiple formats (PNG, JPG, SVG, PDF)
  - Retrieve recent comments from Figma files
  - Requires Figma Personal Access Token for setup
Metadata
Slug kai-tw-figma
Version 1.0.3
License
All-time Installs 4
Active Installs 4
Total Versions 5
Frequently Asked Questions

What is Figma?

Interact with Figma files to read structure, export layers as images, and retrieve comments using the Figma REST API with authentication. It is an AI Agent Skill for Claude Code / OpenClaw, with 1495 downloads so far.

How do I install Figma?

Run "/install kai-tw-figma" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Figma free?

Yes, Figma is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Figma support?

Figma is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Figma?

It is built and maintained by kai-tw (@kai-tw); the current version is v1.0.3.
